**We help the world run better** At SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from. **The Role:** As a Cloud Network Security Engineer with deep focus on Web Application Firewall (WAF) rule tuning, DDoS mitigation, and cloud-native policy-as-code, you will play a critical role in designing, implementing, and maintaining robust cloud perimeter and workload protection strategies. You will own the continuous improvement of WAF rule sets, Network Security Groups (NSGs), security policies, DDoS detection and mitigation strategies, and threat detection logic—all delivered and maintained as code. Key Responsibilities Cloud WAF Design & Tuning + Define and implement WAF strategies using native services (e.g., AWS WAF, Azure WAF, Google Cloud Armor). + Conduct detailed analysis and tuning of WAF rules to reduce false positives while maintaining strong protections against OWASP Top 10 threats and custom application vulnerabilities. + Collaborate with application security and DevSecOps teams to align WAF configurations with business logic and risk profiles. DDoS Detection, Mitigation & Validation + Develop and continuously improve DDoS prevention and mitigation strategies across cloud platforms and network layers (L3, L4, L7). + Monitor DDoS metrics and anomalies, validate mitigation effectiveness, and fine-tune thresholds and countermeasures to balance security and legitimate traffic. + Collaborate with SOC and threat intelligence teams to investigate and respond to DDoS incidents, perform post-attack analysis, and produce mitigation reports. Security Policy-as-Code + Implement and manage cloud network and security controls as code using tools such as Terraform, AWS CDK, Azure Bicep, or Pulumi. + Maintain and audit security group, firewall, routing, and DDoS protection policies across AWS, Azure, and GCP for consistency and compliance. + Automate the deployment, validation, and rollback of security policies within CI/CD pipelines. Monitoring, Visibility & Threat Detection + Work closely with security operations and observability teams to ensure that WAF and DDoS logs, alerts, and security policy changes are captured, structured, and integrated into SIEM platforms (e.g., Splunk, ELK). + Analyze WAF/network logs and DDoS telemetry to identify patterns of abuse, misconfiguration, or performance degradation. Security Governance & Compliance + Define standards and templates for cloud firewall, WAF, and DDoS configurations to meet internal security baselines and external compliance requirements (e.g., ISO 27001, SOC 2, GDPR). + Participate in security reviews, audits, and risk assessments related to cloud networking, application ingress security, and DDoS defenses. Collaboration & Support + Partner with application owners, cloud engineers, and DevOps teams to provide secure-by-default network access and DDoS-resilient designs. + Provide L2/L3 support for escalated security incidents, change requests, or false positives related to WAF and DDoS protections. **What You Bring** + Bachelor's degree in Computer Science, Cybersecurity, or related field. + 5 years of experience in cloud security engineering or network security roles. + Expert-level hands-on experience with cloud-native WAF solutions: AWS WAF, Azure WAF, Google Cloud Armor. + Deep understanding of WAF rule tuning, threat signatures, regex patterns, anomaly detection, and DDoS attack vectors and mitigation techniques. + Proficient in network security configurations including NSGs, firewalls, VPC/Subnet security, and zero-trust principles. + Experience with Infrastructure-as-Code and Policy-as-Code using Terraform, AWS CDK, Bicep, or equivalent. + Solid scripting skills (Python, Bash, etc.) for automation, custom tooling, and DDoS mitigation orchestration. + Familiarity with DevSecOps practices and integrating security controls into CI/CD pipelines. + Experience with multi-cloud environments (AWS, Azure, GCP) and hybrid networks. **Bonus Points** + Cloud certifications (e.g., AWS Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer). + Experience with security frameworks like MITRE ATT&CK, CIS Benchmarks, and NIST 800-53. + Knowledge of API security testing and DDoS mitigation strategies. + Experience working with SIEM platforms and log analytics for WAF incident detection. + Contributions to open-source security tools or WAF rule sets. **Why Join Us** + Be a part of a world-class cloud security engineering team shaping the security of critical infrastructure. + Solve complex problems in a high-scale, multi-cloud enterprise environment. + Drive meaningful impact on the resilience and trustworthiness of business-critical applications **About SAP Enterprise Cloud Services:** SAP Enterprise Cloud Services provides mission-critical cloud solutions to our global customers, ensuring high availability, performance, and security. We are building the next generation of cloud infrastructure and operations, emphasizing automated, low-touch, and secure cloud environments. ​ **Bring out your best** SAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best. **We win with inclusion** SAP’s culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone – regardless of background – feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world. SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the SAP Referral Policy (https://one.int.sap/me@sap/jobs\_at\_sap#17498858-1050-415e-8d82-21f91655666b\_96fc) . Specific conditions may apply for roles in Vocational Training. **EOE AA M/F/Vet/Disability:** Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability. Successful candidates might be required to undergo a background verification with an external vendor. Requisition ID: 432439 | Work Area: Information Technology | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: \#LI-Hybrid.